Engage your enemy
As regulators around the world get tougher on money laundering, banks are increasingly looking for software solutions to spot criminal transactions
As regulators around the world get tougher on money laundering, banks are increasingly looking for software solutions to spot criminal transactions
With an estimated trillion dollars of criminal money passing through the international banking system every year, money laundering is an increasing problem for financial institutions. Regulators are urging banks to adopt stricter controls and politicians, desperate to intercept terrorist funding, and are passing new laws with tougher penalties for banks that let dirty money through their books.
To protect their systems, banks are increasingly turning to software solutions, some of which are based on artificial intelligence techniques. But just how effective are they? US banks used to treat the purchase of anti-money laundering (AML) software as a checklist compliance issue, and only deployed it to meet specific statutory requirements in high-risk parts of the business, says Breffni McGuire, a senior analyst at Tower Group: “But since 9/11, the situation has altered radically.”
The USA Patriot Act, introduced to thwart terrorist organisations, put a new focus on detecting rather than just monitoring for suspicious activity. “Not surprisingly, bankers developed a new interest in tools and technologies to satisfy the Act,” she says.
The climate has also changed in the UK. City Watchdog, the Financial Services Authority, has made money laundering one of its priorities and fined several leading banks for their poor AML controls. Those penalised include Bank of Ireland, Bank of Scotland and Abbey National, which was fined a record £2.3m.
Those fines had a ‘huge impact’ on the City and encouraged banks to improve their controls, says Carmen Reynolds, a partner at lawyers White & Case. At the same time, the FSA has increased firms’ wider responsibilities by telling them to tackle the risk of money laundering, rather than simply ticking off a list of compliance rules.
Since then, the government has launched a new anti-money laundering and counter-terrorist finance strategy. Economic Secretary to the Treasury, Ed Balls, said the strategy, which has been drawn up with law enforcement agencies, policy departments and the private sector, sets out a series of new measures and key priorities for the future. These strategies are designed to increase the use of the financial system as a weapon against international crime and terrorism. He promised a “comprehensive programme of financial measures, supported by UK-sponsored international standards that deter crime and terrorism; detect it when it happens, disrupt those responsible and hold them to account.”
Frozen assets
The strategy shows that the money laundering and terrorist finance laws passed are already helping to save lives and bring criminals and terrorists to justice, said Balls. Financial institutions are successfully identifying suspicious financial activity, equivalent to around 20 to 30 percent of the estimated annual flow of laundered money in the UK, he said. Nearly 200 bank accounts linked to terrorist suspects have been frozen in the UK and £100m of assets are recovered annually from criminal gangs which are used to fund further action against them and compensate victims. Financial investigations and money laundering prosecutions have increased substantially and new centres of excellence – including specialist teams created to combat money laundering related to international corruption – are now helping to protect the integrity of the UK’s financial system.
Priorities for the future include further steps to promote the proactive use of asset freezing powers, including the creation of a dedicated Treasury Asset Freezing Unit. There are also steps planned to make financial tools a mainstream part of the UK’s approach to tackling crime and terrorism, including through new powers to increase their impact and a radical increase in targets for criminal asset recovery. The government is also developing further data-sharing between the public and private sectors and better pooling of intelligence between different public authorities.
That could all add up to a heavy compliance burden on businesses. But, importantly, the government wants to develop more of a risk-based approach to regulation, whereby scrutiny is focused on those companies most likely to be involved in, or victims of, financial crime. To help with that, the government is committed to providing better guidance to all regulated industries, to cut red tape and to simplify the work they have to do to comply with the existing rules and regulations on money laundering.
The introduction of the European Union’s third money laundering directive, which national governments have to implement by the end of 2007, will continue this risk-based regulatory trend, explains Reynolds. “Regulators are encouraging firms to move to a more risk-based and more qualitative approach that leads firms to look more closely at the operations of those bank accounts in order to spot suspicious activity as it goes on,” she says.
The first line of defence is to prevent criminals from opening accounts, “and the best methodology for that is to stop them at the front door,” says Ken Farrow, a former head of the City of London police fraud squad and now head of fraud and financial crime at Lloyds TSB bank. “That’s why there’s been such an emphasis on know-your-customer and making sure that you do proper due diligence, particularly with business accounts.”
Legitimate
Farrow says that money laundered for organised crime tends to run through business accounts created by front companies. “Banks need to make sure that the businesses are real and that the people running them are legitimate.” The tools for doing that – such as Complinet and World-Check – are “improving all the time,” he says.
Lloyds TSB applies such due diligence tools to every account it opens. “If the background work is done properly and thoroughly, and the tools that are there are applied, it’s very difficult for a money launderer to open an account,” says Farrow. “And so much effort and investment has been put into money laundering prevention, that even if you manage to open an account, it’s not going to be long before something is spotted to enable the warning signals to flash.”
Those flashing warning signals will be set off by a transaction monitoring system – the second line of defence. Such systems match known customer profiles against transaction flows and look for unusual peaks or patterns. If an Italian restaurant suddenly starts banking more cash than others of a similar size, the system would flag the account for closer attention.
Banks have used such systems to spot credit card fraud for some time. “But by applying additional rule sets, they can be used to identify trends that are consistent with money laundering,” explains Ian Fisher, Vice President of internal audit at Morgan Stanley. The more advanced solutions deploy neural networks, a form of artificial intelligence, which enables them to learn and spot patterns better. Leading vendors include Searchspace, SAS, Actimize and Mantas.
“The use of intelligent transaction monitoring systems to detect money laundering is now vital,” says Doug Hopton, former head of group fraud and money laundering prevention for Barclays Bank, because the sheer volume of transactions that banks need to monitor would render any manual approach inoperable.
But such systems will only get a bank so far. Farrow uses Searchspace at Lloyds TSB and says, “it does pretty much everything we want to do,” but the challenge is the increasing volume of transactions. “We’ve learnt and refined the way the software is applied and the rules we use, and we constantly look at trends of fraudulent activity so that we stay up to speed with criminal methodologies,” says Farrow. But investigating the transactions identified as suspicious is a slow, expensive and manual business. As Hopton says, “No matter how good your system, or how well you set your parameters, it will never give you the answer you want: it does not say that is money laundering. It simply tells you that something does not meet the expected profile. You have to then go back to a manual system of looking at the transaction.”
Artificial
And it’s at that reintroduction of the human element that problems arise. “Artificial intelligence tends to be more artificial than it is intelligent,” says Alan Mangelsdorf, Marketing Director at Mantas. “The keys to identifying fraudulent transactions are the people, process, technology and data that is employed in the effort.” Because the police simply do not have enough time to investigate all the suspicious transactions that are reported – there were 200,000 in the UK last year – money launderers are going unpunished. This creates another problem for banks. “It becomes a frustration because we don’t get the feedback that we need to be able to see connections and know something is suspicious,” says Farrow. Without the knowledge of whether a transaction really did involve money laundering or not, the banking software can only learn so much, regardless of how intelligent it is.
One way forward is to take an enterprise-wide approach to the problem, and this is the direction in which three-quarters of international financial services organisations are heading, according to a recent survey from Norkom Technologies. These firms are trying to coordinate their management of financial crime – from fraud to money laundering – across business units, product lines and territories.
“An enterprise-wide approach will massively increase their ability to detect crime and stop it in its tracks,” says Rosemary Turley, a director of Norkom. “The criminal rings that perpetrate fraud or launder money do so across multiple channels, regions, business units and product lines. Combined detection capabilities, which recognise and flag connections between suspicious activity alerts across the enterprise and provide information for coordinated investigations, increase the likelihood of catching the criminals.”
However, the research also found significant barriers to consolidation, including the proliferation of technology in the aftermath of 9/11, which has left institutions with multiple systems that duplicate effort while inhibiting crime detection because of their inability to share information.
Though 54 percent of institutions have invested in technologies to combat money laundering and 47 percent to combat fraud, 42 percent of them say they currently have no way to consolidate the information from these disparate systems. Many of those that have achieved any degree of consolidation have done so only for money laundering or fraud in isolation.
Consolidating compliance
According to Turley, technology proliferation has exacerbated an existing problem caused by the industry’s traditional business structures and rapid growth. “It’s ironic that the very activities that fuel growth – mergers, acquisitions and the creation of new products and channels – also increase an institution’s exposure to crime by fostering silos of activity,” she says. “When multiple technologies operate in isolation, supporting crime fighting structures that are business line, product or geography specific, it is easier for criminals to attack and harder for institutions to stop them.” Turley says companies must take four steps to consolidate their crime and compliance activities.
First: Deploy an overarching technology that consolidates suspicious activity alerts from all of the institution’s detection systems. Apply additional analytics to uncover links and similarities between alerts to reveal the patterns and trends that are the hallmarks of organised crime.
Second: Establish enterprise-wide investigation and case management by consolidating the information needed for any investigation and delivering it directly to the investigator’s desktop. Use consistent, automated workflows and information retrieval techniques to govern investigation and regulatory reporting procedures.
Third: Focus investigatory resource where it is most needed by using technology to segment and prioritise alerts according to complexity, level and types of risk then forwarding them directly to individual investigators with the most relevant experience.
Fourth: Pursue constant evolution of detection scenarios to improve accuracy. The new generation of technologies include self-learning capabilities that allow scenarios to be constantly refined, so that the number of false alerts created and investigations required decrease over time.
Firms that follow these steps will see big improvements, says Turley. Three quarters of those in Norkom’s research said that their investigatory effectiveness would be improved if they could automatically identify links between suspicious activity alerts. The same proportion said that consolidating information from their various detection systems to facilitate centralised investigations would constitute best practice.
So, software investments can help firms to combat money laundering and financial crime, if they go about things in the right way. But those that get it wrong are likely to create as many problems as they solve, and pour money down the drain.
